Open Source

Introducing wachy: A New Approach to Performance Debugging

Wachy is a new Linux performance debugging tool that Rubrik recently released as open source. It enables interesting new ways of understanding performance by tracing arbitrary compiled binaries and functions with no code changes. This blog post briefly outlines various performance debugging tools that we commonly use, and the advantages and disadvantages of each. Then, we discuss why and how we built wachy.

Building cost-efficient open source cloud operations

On average, 55% of IT budgets are spent on operations, keeping the lights on. Organisations are constantly trying to find the right balance between running efficient operations and exploring the new possibilities of digital transformation. And as more organisations move towards the cloud, many expectations go unmet. But how can an organisation build the right strategy to minimise the skill gap and spend less on operations while increasing efficiency and innovation?

The JNDI Strikes Back - Unauthenticated RCE in H2 Database Console

Very recently, the JFrog security research team disclosed an issue in the H2 database console that was assigned a critical CVE – CVE-2021-42392. This issue has the same root cause as the infamous Log4Shell vulnerability in Apache Log4j (JNDI remote class loading). H2 is a very popular open-source Java SQL database offering a lightweight in-memory solution that doesn’t require data to be stored on disk.

Open Source Projects to Contribute to in 2022

With a nearly endless array of open source projects available to contribute to these days, knowing where to start contributing can feel easier said than done. Need some inspiration? Whether you’re new to the world of open source, are gearing up for Open Source Fridays in the new year, or just want to see what other folks are excited about, check out a few of our favorite open source projects to contribute to in 2022.

Log4j Detection with JFrog OSS Scanning Tools

The discovery of the Log4Shell vulnerability in the ubiquitous Apache Log4j package is a singular event in terms of both its impact and severity. Over 1 million attack attempts exploiting the Log4Shell vulnerability were detected within days after it was exposed, and it may take years before we see its full impact.

Announcement: Pleco - the open-source Kubernetes and Cloud Services garbage collector

TL;DR: Pleco is a service that automatically removes Cloud managed services and Kubernetes resources based on tags with TTL. When using cloud provider services, whether using UI or Terraform, you usually have to create many resources (users, VPCs, virtual machines, clusters, etc.) to host and expose an application to the outside world. When using Terraform, the deployment sometimes does not go as planned.

Open Source FOMO? Not with Tanzu Application Platform

If you are not familiar with the term, FOMO is short for “fear of missing out,” and some developers are feeling it these days. Developers want to be a part of a technical community and stay current by working on, and with, the most innovative technologies. Open source FOMO comes when they witness their peers getting to explore new technologies that help them get ahead, while they’re bogged down with stale technology and monolithic apps.